<!DOCTYPE HTML>
<!--
	Dimension by HTML5 UP
	html5up.net | @ajlkn
	Free for personal and commercial use under the CCA 3.0 license (html5up.net/license)
-->
<html>
 <head>
  <title>
   Dimension by HTML5 UP
  </title>
  <!-- <meta charset="utf-8" /> -->
  <!-- <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no" /> -->
  <meta charset="utf-8"/>
  <meta content="width=device-width,initial-scale=1.0" name="viewport"/>
  <link href="../../assets/css/article.css" rel="stylesheet"/>
  <link href="https://cdn.bootcss.com/highlight.js/9.15.8/styles/github.min.css" rel="stylesheet"/>
  <noscript>
   <link href="../../assets/css/noscript.css" rel="stylesheet"/>
  </noscript>
 </head>
 <body>
  <div id="app">
  </div>
  <!-- built files will be auto injected -->
 </body>
 <body class="is-preload">
  <!-- Wrapper -->
  <div id="wrapper">
   <!-- Main -->
   <div id="main">
    <article id="article">
     <h1 id="iptables">
      iptables 端口转发和映射
     </h1>
     <hr/>
     <div class="codehilite">
      <pre><span></span><code><span class="p">;</span> 添加
iptables -t nat -A PREROUTING -p tcp -m tcp --dport <span class="m">40001</span> -j DNAT --to-destination <span class="m">172</span>.19.104.19:27017
iptables -t nat -A POSTROUTING -d <span class="m">172</span>.19.104.19/32 -p tcp -j SNAT --to-source <span class="m">172</span>.19.104.28

<span class="p">;</span> 删除
iptables -t nat -D PREROUTING -p tcp -m tcp --dport <span class="m">40001</span> -j DNAT --to-destination <span class="m">172</span>.19.104.19:27017
iptables -t nat -D POSTROUTING -d <span class="m">172</span>.19.104.19/32 -p tcp -j SNAT --to-source <span class="m">172</span>.19.104.28

<span class="p">;</span> 保存并生效
service iptables save
service iptables restart

b.不同端口转发
<span class="p">;</span> 添加
iptables -t nat -A PREROUTING -p tcp -i enp6s0 --dport <span class="m">443</span> -j DNAT --to <span class="m">172</span>.19.104.28:27017
iptables -t nat -A POSTROUTING -j MASQUERADE
service iptables save
service iptables restart

<span class="p">;</span> 删除
iptables -t nat -D PREROUTING -p tcp -i enp6s0 --dport <span class="m">443</span> -j DNAT --to <span class="m">172</span>.19.104.28:27017
iptables -t nat -D POSTROUTING -j MASQUERADE
service iptables save
service iptables restart

<span class="p">;</span> 保存并生效
service iptables save
service iptables restart

<span class="p">;</span> 查看规则
cat /etc/sysconfig/iptables

yum install iptables-services
iptables -A INPUT -p tcp --dport <span class="m">22</span> -j ACCEPT
iptables -A OUTPUT -p tcp --sport <span class="m">22</span> -j ACCEPT

iptables -I INPUT -s <span class="m">185</span>.10.68.91 -j DROP
<span class="m">185</span>.10.68.91
iptables -I INPUT -s master.clminer.ru -j DROP
service iptables save
service iptables restart

-A IN_public_allow -p tcp -m tcp --dport <span class="m">22</span> -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport <span class="m">29001</span> -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport <span class="m">29002</span> -m conntrack --ctstate NEW -j ACCEPT

应该在默认的22端口这条规则的下面添加端口新规则，然后重启防火墙才能生效。如下：
</code></pre>
     </div>
     <h2 id="_1">
      参考链接
     </h2>
     <ul>
      <li>
       <a href="http://hi.ktsee.com/635.html">
        Linux通过iptables端口转发访问内网服务器上的内网服务
       </a>
      </li>
      <li>
       <a href="https://blog.csdn.net/taiyang1987912/article/details/40189371">
        centos下配置防火墙端口失败
       </a>
      </li>
      <li>
       <a href="https://blog.csdn.net/zzhongcy/article/details/42738285">
        linux下用iptables做本机端口转发方法
       </a>
      </li>
      <li>
       <a href="https://blog.csdn.net/kongfanyu/article/details/80579493">
        CentOS 7 使用iptables 开放端口
       </a>
      </li>
      <li>
       <a href="https://blog.csdn.net/taiyang1987912/article/details/40189371">
        将规则添加到防火墙中，总是端口无法开启
       </a>
      </li>
     </ul>
    </article>
   </div>
   <!-- Footer -->
   <footer id="footer">
    <p class="copyright">
     © Untitled. Design:
     <a href="https://html5up.net">
      HTML5 UP
     </a>
     .
    </p>
   </footer>
  </div>
  <!-- BG -->
  <div id="bg">
  </div>
  <!-- Scripts -->
  <script src="../assets/js/jquery.min.js">
  </script>
  <script src="../assets/js/browser.min.js">
  </script>
  <script src="../assets/js/breakpoints.min.js">
  </script>
  <script src="../assets/js/util.js">
  </script>
  <script src="../assets/js/main.js">
  </script>
 </body>
</html>
